CN106533650A - Cloud-oriented interactive privacy protection method and system - Google Patents
Cloud-oriented interactive privacy protection method and system Download PDFInfo
- Publication number
- CN106533650A CN106533650A CN201611027772.XA CN201611027772A CN106533650A CN 106533650 A CN106533650 A CN 106533650A CN 201611027772 A CN201611027772 A CN 201611027772A CN 106533650 A CN106533650 A CN 106533650A
- Authority
- CN
- China
- Prior art keywords
- data
- cloud server
- encryption
- attribute
- anonymization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Computing Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a cloud-oriented interactive privacy protection method and system. The privacy protection method is characterized in that a data owner uploads encrypted data and stores the encrypted data on a cloud server for a long time, and data sharing services meeting privacy protection requirements are provided; when a client sends a data request, anonymization processing of the encrypted data is directly carried out on the cloud server, and the data meeting the privacy protection requirements is output; and during the anonymization processing, the cloud server can interact with a proxy server for comparison processing of ciphertext data. The method has the advantages that the data stored in an encrypted manner can serve multiple purposes; and diversified privacy protections can be easily achieved. The privacy protection system has two preconditions: a cloud service provider may be a privacy attacker, but the services must be provided according to a protocol; and the client promises not to forward an obtained data sheet to any unauthorized third party (including the cloud service provider), so that conspiratorial attacks are prevented.
Description
Technical field
The present invention relates to secret protection field, more particularly to a kind of interactive method for secret protection towards high in the clouds and it is
System.
Background technology
With the arrival of cloud computing era, the characteristics of people increasingly like the facility and extensibility using cloud platform
High in the clouds carries out data storage and calculating, also just has increasing technical backstopping in the related service of cloud computing and platform.In cloud
Under computation schema, mass data can be uploaded to high in the clouds by network and be processed by data owner, but high in the clouds presence can not
The factor leaned on, the individual privacy information in data can all have compromised possibility in transmission, storage and processing procedure.Cause
This, the secret protection research under cloud environment has become the important research direction in secret protection field.
It is the facilitated method for realizing high in the clouds safety storage to be encrypted with the external bag data of encryption method.But it is general
After logical encryption technology is encrypted to data, it is difficult to studied with ciphertext, and homomorphic cryptography technology is provided
This possibility.To provide data sharing service, secret protection process was carried out before to high in the clouds ciphertext data deciphering, can be used
Homomorphic cryptography technology come realize decrypt before data processing.
The system is based on above-mentioned present situation, and full homomorphic cryptography technology, secret protection technology and cloud environment are combined, and proposes one
Kind towards it is under high in the clouds, full homomorphic cryptography technology, for realize data safety storage and protect data handling procedure personal secrets
Interactive method and system.The major technique that concrete grammar is related to has:
Full homomorphic cryptography technology:The concept of homomorphic cryptography is just proposed early in Rivest in 1978 et al., but is stopped ever since
It is stagnant not before.After Gentry in 2009 constructs first full homomorphic encryption scheme, have and develop rapidly.Full homomorphic cryptography
Main contributions be realize in the case of non-decrypting encryption data is carried out arithmetic operation be equal in plain text carry out it is same
The possibility of arithmetic operation, this is made that major contribution to cryptographic development.
Secret protection technology:Data anonymous are the major techniques for realizing secret protection, by the privacy to initial data
After information carries out certain change so that attacker can not deduce specific certain individuality, so as to realize to individual privacy
Protection.
The duplicate protection of data-privacy can be realized with reference to full homomorphic cryptography technology and anonymization technology, number can either be ensured
According to safety storage beyond the clouds, the security of high in the clouds data handling procedure is also can guarantee that, final shared data can also meet hidden
Private protection is required.
The content of the invention
It is an object of the invention to provide a kind of interactive method for secret protection and system towards high in the clouds, by full homomorphic cryptography
Technology and secret protection technology combine, and apply in cloud computing, it is ensured that the security of high in the clouds data storage, and provide
Data sharing service, realizes that high in the clouds directly carries out anonymization process to encryption data.With this system, it would however also be possible to employ different
Privacy parameters or secret protection require to carry out anonymization process, moreover it is possible to which the data of encryption storage are used for various data mining tasks
With various data sharing query tasks.
The high in the clouds intimacy protection system for being proposed has two premises:One be cloud service provider be probably privacy attack
Person, but it is certain according to agreement offer service;Two is that client is promised to undertake and is not transmitted to obtained tables of data and carries including cloud service
For business it is interior it is unwarranted other people, therefore there is no conspiracy attack.
To achieve these goals, the present invention is privacy attack person for cloud service provider it is assumed that designing facing cloud
The interactive method for secret protection at end, is mainly realized by following steps:
1) data owner is according to each columns that full homomorphism key schedule is each attribute in extended coding tables of data
According to being individually created key to (pkij,skij), i represents attribute sequence number, and j represents data row number, uses public key pkijIt is encrypted respectively
Process, obtain encryption data table;
2) data owner generates key to (pk according to full homomorphism key schedulecomp,skcomp), use public key pkcomp
Cryptographic Extensions coded data table all properties data are arranged, and obtain encryption data table copy;
3) data owner is by encryption data table and encryption data table copy, and in tables of data each attribute anonymization layer
Level structure file, coding rule, public key pkcompCloud server storage is uploaded to as data outsourcing form;
4) client request shared data, first transmits the request to cloud server, cloud server record request numbering
Uid, is subsequently forwarded to proxy server;
5) proxy server determines privacy parameters and indicates that cloud server starts to perform the anonymity based on full homomorphic cryptography
Change is processed, and specifically includes following sub-step:
5.1) cloud server request proxy server assists to complete ciphertext comparing computing, proxy server private key
skcompTo needing the ciphertext for comparing to be decrypted, plaintext comparison is then carried out, comparison result is back to into cloud server;
5.2) cloud server performs anonymization using the assistance of the outer bag data and proxy server that store beyond the clouds
Process, search out the data row for meeting secret protection requirement;
6) to proxy server, proxy server generates interim close the information transmission that shareable data is arranged by cloud server
Key (pktemp,sktemp), and use temporary public key pktempEncryption data row corresponding private key ski,tObtain pski,t, t represents ith attribute
T row;
7) proxy server is by temporary public key pktempAnd pski,tIt is uploaded to cloud server, cloud server pktempWith
pski,tRe-encrypted step 1) in encryption data table, obtain public key pktempUnder re-encryption tables of data;
8) client downloads re-encryption tables of data from cloud server, obtains coding rule, and obtains from proxy server
Temporary private sktemp, re-encryption tables of data is decrypted and can just obtain meeting secret protection requirement with encoded translated afterwards
Tables of data.
Further, the step 1) in, described extended coding tables of data is a kind of based on each attribute anonymization level
The data sheet form of structure and coding rule, is that the data that data owner possesses are extended with process and coded treatment acquisition
's.Extension process is according to attribute anonymization hierarchical structure, by fuzzyyer tables of data indicating value insertion tables of data;Coded treatment
It is that each attribute data in tables of data is represented with unique coding form.Described attribute anonymization hierarchical structure is configured by XML
Document definition, by att element definitions, att elements include two attributes to individual data attribute:Index represents that data attribute is numbered,
Name represents data attribute title.Individual data attribute tree includes node elements by vgh element definitions, in vgh elements,
Raw value or obfuscation data value are by node element definitions, the data shape of innermost layer node element representation data owners
Formula, the data of outer layer node element representations are the more fuzzy representations to nexine data.The anonymization hierarchical structure of each attribute is not
Together, also sets itself can be needed according to system.
Further, the step 1) and step 2) in, described encryption data table is used for data publication;Encryption data table
Copy is used for data anonymousization and processes operation.
Further, the step 3) in, described data outsourcing form includes encryption data table and encryption data table pair
This, and attribute anonymization hierarchy structure file, coding rule, public key pkcomp, both ensure that data in upload and storing process
Security in turn ensure that the security of data in cloud server data handling procedure.
Further, the step 5) in, described secret protection requires to refer to the sensitive information avoided in shared data
It is associated with individual, and privacy parameters is referred to reach the parameter set by secret protection requirement, different secret protections is required
The privacy parameters of setting are different, and secret protection parameter, secret protection require can sets itself, be not that fixation can not
Become.Described anonymization process be data and data source are hidden or Fuzzy Processing technology.It is described based on complete
The anonymization of homomorphic cryptography is processed and refers to the anonymization process realized with homomorphism addition and multiplying under ciphertext.
A kind of interactive intimacy protection system towards high in the clouds, the system include data owner, proxy server, client
End and cloud server, data owner's connection proxy server and cloud server, described proxy server connection high in the clouds
Server, and do not exist and to collude with behavior with cloud server;
Described data owner is the side for possessing mass data, for generating homomorphism key pair, and data is carried out
Encryption;Encryption data table and copy, the anonymization hierarchy structure file of each attribute, public key and coding rule are sent to into high in the clouds
Server;Private key is sent to into proxy server.
Described proxy server is the service end trusted by data owner, for determining that privacy parameters are required;From
Private key is obtained at data owner, and generates interim homomorphism key pair, private key is encrypted;Realize and cloud server
Information exchange;Distribute temporary key for client.
Described cloud server, for the safety storage of encryption data table, the anonymization of ciphertext data is processed;In anonymity
Information exchange is carried out with proxy server in changing processing procedure, the comparison between ciphertext is realized.
Described client is to send a side of data sharing request, obtains re-encryption tables of data, coding rule and interim
After private key, realize that data deciphering is shared.
The present invention has advantages below:Extended coding tables of data is uploaded after being encrypted using homomorphic cryptography technology
To cloud server, it is ensured that upload the security with data in storing process;Data are stored in cloud service in an encrypted form
Device, cloud server can directly carry out homomorphism arithmetic operation to ciphertext data, and the privacy realized in data handling procedure is protected
Shield;Data longer-term storage after encryption server beyond the clouds, there is provided meet the number of different privacy parameters and secret protection requirement
According to shared service;The data of encryption storage can have multiple use, such as common for various data mining tasks and various data
Enjoy query task.
Description of the drawings
Fig. 1 is the interactive intimacy protection system towards high in the clouds of the present invention;
Fig. 2 is the interactive method for secret protection basic flow sheet towards high in the clouds;
Fig. 3 is the anonymization hierarchy structure file instance graph of three attributes.
Specific embodiment
The present invention use the higher full homomorphic encryption schemes of the BGV based on RLWE of current efficiency (Z.Brakerski,
C.Gentry,and V.Vaikuntanathan.(leveled)fully homomorphic encryption without
bootstrapping.TOCT,6(3):13,2014.Preliminary version in ITCS 2012.), for the ease of reason
Principle to full homomorphic cryptography is made introduction by solution first.
Firstth, parameter setting.The full homomorphic encryption scheme that the present invention is adopted is based on polynomial ring, polynomial ringD is 2 power power, and λ is the security parameter of homomorphic encryption scheme, and ciphertext multinomial coefficient takes μ bit moulds
Number q, L is binary arithmetic operation circuit depth, other specification (d=d (λ, μ, b), n=n (λ, μ, b),χ=χ (λ, μ, b)) is guaranteeing 2λSecurity.N=1 is exactly instantiation of the setting based on RLWE.
In order to allow full homomorphic cryptography to be applied to universe anonymity algorithm, plaintext space is set as R2=R/2R.
Secondth, key schedule.Key is as follows to generating:GHE.SecretKeyGen(params):Choose s' ← χn,
Obtain private keyGHE.PublicKeyGen(params,sk):Private
Key as input sk=s=(1, s'), s [0]=1,Also parameter params=(q, d, n, N, χ).It is uniform to generate one
Individual matrixOne vector e ← χNA is arranged with a set b ← A's'+2e. becomes (n+1) column matrix comprising b,
Aft section is the n column matrix (A s=2e) of-A'.Public key pk=A.
Circulation j=L to 0, runs paramsj←GHE.Setup(1λ,1(j+1)·μ, b) come the level of the mould that obtains successively decreasing from qL
((L+1) μ bits) is to q0(μ bits). circulation j=L-1 to 0, parameter paramsjMiddle djValue be replaced by d=dL, it is distributed χj
It is replaced by χ=χL。
FHE.KeyGen(paramsj):J=L is to 0 for circulation, is implemented as described below:
1st, run sj←GHE.SecretKeyGen(paramsj)and Aj←GHE.PublicKeyGen(paramsj,
sj)。
2nd, arranges'jIt is sjTensor, its coefficient is in RqjIn sjTwo coefficients
Product.
3rd, s is set "j←BitDecomp(s'j,qj)。
4th, run τs”j+1→sj←SwitchKeyGen(s”j,sj-1), this step is omitted as j=L.
Private key sk includes all sj, public key pk include all AjAnd τs”j+1→sj。
3rd, AES.FHE.Enc(params,pk,m):In R2In find information m, run GHE.Enc (AL,m)。
GHE.Enc(pk,m):In order to encrypt an information m ∈ R2, arrangeSamplingOutput
Ciphertext
4th, decipherment algorithm.FHE.Dec(params,sk,c):Assume that ciphertext is in sjUnder, run GHE.Dec (sj,
c).GHE.Dec(sk,c):Output decryption information m ← [[<c,s>]q]2。
5th, homomorphism addition.FHE.Add(pk,c1,c2):Input two equally uses private key sjThe ciphertext of encryption.C is set3
←c1+c2mod qj。c3It is exactly in s'jUnder ciphertext (s'jParameter include all sjParameter becauseAnd
And s'jFirst coefficient for 1), export c4=FHE.Refresh (c3,τs”j→sj-1,qj,qj-1)。
6th, homomorphism multiplication.FHE.Mult(pk,c1,c2):Input two equally uses private key sjThe ciphertext of encryption.First,
New ciphertext is in private keyUnder, it is linear equalityCoefficient vector c3, export c4=
FHE.Refresh(c3,τs”j→sj-1,qj,qj-1)。
FHE.Refresh(c,τs”j→sj-1,qj,qj-1):Input private key s'jUnder ciphertext, auxiliary information τs”j→sj-1To help
Key is helped to change, current and next modulus is qjAnd qj-1, do following work:Launch c first1←Powersof2(c,qj).So
After carry out analog-to-digital conversion, c2←Scale(c1,qj,qj-1, 2), corresponding private key s "jWith modulus qj-1.Key conversion is carried out again, is exported
c3←SwitchKey(τs”j→sj-1,c2,qj-1), corresponding private key sj-1With modulus qj-1。
(c, p, q, are 2) mould converting algorithm to wherein c'=Scale, and p, q are two odd modes, and c is integer vectors, c'
It is the integer vectors for being close to (p/q) c and meets c'=c mod 2.X is resolved into
For its bit method for expressing, OutputSwitchKeyGen
(s1,s2,n1,n2, q) it is input into two private keysWith the dimension of private key, modulus q, private key s2WithOperation GHE.PublicKeyGen (s2, N) and public key A is obtained, generate B=A+Powesof2 (s1, q), then
Auxiliary information τ of outputs1→s2=B realizes exchanging.Wherein,
Below in conjunction with the accompanying drawings 2 and 3 pairs of specific embodiments of the invention of accompanying drawing be described in further detail.
The growth data table of table 2 is that the data that data owner possesses are extended with process to obtain, according to the category of Fig. 3
Property anonymization hierarchy structure file instance graph, data is represented with the fuzzy data of multiple levels, and is incorporated into same tables of data
In, each attribute hierarchies number is equal to the columns of the attribute in growth data table.Extended coding tables of data is by growth data table
Data carry out the result of coded treatment according to coding rule, and the extended coding tables of data in table 3 is according to binary processing
Obtain, the data encoding representation of each attribute is unique.
1 growth data table of table
2 extended coding tables of data of table
1. data owner generates some keys to (pk using homomorphism key schedule FHE.KeyGenij,skij), and
Each row of extended coding tables of data table 2 are encrypted respectively with different public keys, obtain the growth data table e for encrypting2RT.Attribute has
3, there are 2,2,3 column datas respectively, so having seven keys pair, respectively (pk11,sk11), (pk12,sk12), (pk21,
sk21), (pk22,sk22), (pk31,sk31), (pk32,sk32), (pk33,sk33)。
2. data owner generates key to (pk using homomorphism key schedule FHE.KeyGencomp,skcomp), with public affairs
Key pkcomp2 all row of black list, obtain the growth data table copy e for encrypting2RTcomp。
3. data owner uploads e2RT、e2RTcomp, coding rule, public key pkcompAnd each attribute is hidden in tables of data
Nameization hierarchy structure file is to cloud server.
4. client asks shared data to cloud server.
5. cloud server record request numbering uid, is subsequently forwarded to proxy server.
6. proxy server determines privacy parameters and secret protection requirement, and indicates that cloud server is performed at anonymization
Reason.In embodiment, we set privacy parameters as 3, meet in the tables of data of secret protection requirement, it is desirable to which each record is at least
Comprising 3-1 bar identical recordings.Using anonymization processing mode be:In e2RTcompIn tables of data, each attribute is extracted respectively
One column data constitutes new ciphertext tables of data re as Fuzzy processing result2RT。
7. outer bag data of the cloud server using storage beyond the clouds perform under ciphertext data based on homomorphic cryptography technology
Anonymization process, and ask proxy server to assist the comparison calculation for completing between ciphertext when needed.We adopt homomorphism
The homomorphism addition FHE.Add of encryption technology and homomorphism multiplication FHE.Mult computings are to ciphertext tables of data re2Two in RT are concrete
Compare between record, statistics obtains comparison result, if being mutually all 1 ciphertext, is not all 0 ciphertext.With homomorphism addition
Computing FHE.Add is calculated and is belonged to a kind of data volume of record, but this data volume is ciphertext form, so needing to ask generation
Reason server assists decryption.
8. proxy server obtains private key sk from data ownercomp, what decryption cloud server transmission came needs ratio
To each record data volume ciphertext, after decryption with setting privacy parameters 3 compare, then to cloud server return
Comparison result information.If ciphertext tables of data re2In RT, each record illustrates the ciphertext data including at least 2 identical recordings
Table re2RT meets secret protection requirement.
9., after cloud server carries out anonymization process, the data column information for meeting secret protection requirement is returned to into agency
Server.When the 1st row for taking the 1st attribute, the 0th row of the 2nd attribute, during the 2nd row of the 3rd attribute, 2 kinds of records are had,
Respectively { Any, Male, Any } { Any, Female, Any }, every kind of record at least 2 datas are consistent with which, that is to say, that every
Kind of record is including at least 3 datas, then by data row (1,0,2) information return to proxy server.
10. proxy server generates temporary key to (pktemp,sktemp), use temporary public key pktempEncryption data row (1,0,
2) the private key sk corresponding to1,1,sk2,0,sk3,2Obtain psk1,1,psk2,0,psk3,2。
Proxy server uploads temporary public key pktempAnd psk1,1,psk2,0,psk3,2To cloud server.
Cloud server psk1,1,psk2,0,psk3,2Re-encryption tables of data e2Corresponding column data in RT, turn over number
It is temporary public key pk according to tabletempUnder re-encryption tables of data.
Client downloads re-encryption tables of data from cloud server, obtains coding rule, and obtains from proxy server
Temporary private sktemp, re-encryption tables of data is decrypted and obtains meeting being total to for secret protection requirement with encoded translated afterwards
The tables of data enjoyed.
In sum, the interactive method for secret protection and system towards high in the clouds for being provided by the present invention, is being joined in many ways
With in the case of, realize the safe handling of data and share.And in the case where privacy is not revealed, proxy server can be used
Process is decrypted to ciphertext data, possibility is provided for the comparison operation in anonymization processing procedure under ciphertext.Finally, visitor
Family end obtains meeting the data ciphertext of secret protection requirement from high in the clouds, and obtains the interim private for decryption from proxy server
Key, client obtain final plaintext result by decryption, for data sharing.
For embodiment disclosed above so that those skilled in the art can be using the present invention, for base in embodiment
It can be attainable using various revisable methods for professional and technical personnel in the anonymization operation of full homomorphism to be.It is special
It is not the privacy parameters of setting and the modification of secret protection requirement is obvious for professional and technical personnel in the field.Cause
This, the present invention will not be limited to embodiment illustrated herein, and it is consistent to be to fit to system disclosed herein principle
Scope.
Claims (6)
1. a kind of interactive method for secret protection towards high in the clouds, it is characterised in that comprise the steps:
1) data owner is according to each column data list that full homomorphism key schedule is each attribute in extended coding tables of data
It is only into key to (pkij,skij), i represents attribute sequence number, and j represents data row number, uses public key pkijIt is encrypted respectively,
Obtain encryption data table;
2) data owner generates key to (pk according to full homomorphism key schedulecomp,skcomp), use public key pkcompEncryption
Extended coding tables of data all properties data are arranged, and obtain encryption data table copy;
3) data owner is by encryption data table and encryption data table copy, and in tables of data each attribute anonymization level knot
Structure file, coding rule, public key pkcompCloud server storage is uploaded to as data outsourcing form;
4) client request shared data, first transmits the request to cloud server, and cloud server record asks numbering uid,
It is subsequently forwarded to proxy server;
5) proxy server determines privacy parameters and indicates that cloud server starts to perform at the anonymization based on full homomorphic cryptography
Reason, specifically includes following sub-step:
5.1) cloud server request proxy server assists to complete ciphertext comparing computing, proxy server private key skcomp
To needing the ciphertext for comparing to be decrypted, plaintext comparison is then carried out, comparison result is back to into cloud server;
5.2) cloud server performs anonymization using the assistance of the outer bag data and proxy server that store beyond the clouds and processes,
Search out the data row for meeting secret protection requirement;
6) to proxy server, proxy server generates temporary key to the information transmission that shareable data is arranged by cloud server
(pktemp,sktemp), and use temporary public key pktempEncryption data row corresponding private key ski,tObtain pski,t, t represents ith attribute
T is arranged;
7) proxy server is by temporary public key pktempAnd pski,tIt is uploaded to cloud server, cloud server pktempWith
pski,tRe-encrypted step 1) in encryption data table, obtain public key pktempUnder re-encryption tables of data;
8) client downloads re-encryption tables of data from cloud server, obtains coding rule, and obtains interim from proxy server
Private key sktemp, re-encryption tables of data is decrypted and can just obtain meeting the data of secret protection requirement with encoded translated afterwards
Table.
2. a kind of interactive method for secret protection towards high in the clouds according to claim 1, it is characterised in that the step
1), in, described extended coding tables of data is a kind of based on each attribute anonymization hierarchical structure and the tables of data shape of coding rule
Formula, is that the data that data owner possesses are extended with process and coded treatment acquisition.Extension process is hidden according to attribute
Nameization hierarchical structure, by fuzzyyer tables of data indicating value insertion tables of data;Coded treatment is by each attribute data in tables of data
Represented with unique coding form.Described attribute anonymization hierarchical structure is defined by XML configuration file, individual data attribute by
Att element definitions, att elements include two attributes:Index represents that data attribute is numbered, and name represents data attribute title.It is single
Individual data attribute tree shape structure includes node elements, raw value or obfuscation number by vgh element definitions, in vgh elements
According to value by node element definitions, the data mode of innermost layer node element representation data owners, outer layer node element representations
Data are the more fuzzy representations to nexine data.The anonymization hierarchical structure of each attribute is different, also can need certainly according to system
Row setting.
3. a kind of interactive method for secret protection towards high in the clouds according to claim 1, it is characterised in that the step
1) with step 2) in, described encryption data table is used for data publication;Encryption data table copy is used for data anonymousization and processes behaviour
Make.
4. a kind of interactive method for secret protection towards high in the clouds according to claim 1, it is characterised in that the step
3), in, described data outsourcing form includes encryption data table and encryption data table copy, and attribute anonymization hierarchical structure
File, coding rule, public key pkcomp, both ensure that the security of data in upload and storing process in turn ensure that cloud service
The security of data in device data handling procedure.
5. a kind of interactive method for secret protection towards high in the clouds according to claim 1, it is characterised in that the step
5), in, described secret protection is required to refer to and avoids the sensitive information in shared data from being associated with individual, and privacy parameters are
Refer to that, to reach the parameter set by secret protection requirement, different secret protections requires that the privacy parameters of setting are different and hidden
Private Protection parameters, secret protection require can sets itself, be not to fix immutable.It is right that described anonymization is processed
Data and data source be hidden or Fuzzy Processing technology.The described anonymization based on full homomorphic cryptography is processed and refers to fortune
Realize that the anonymization under ciphertext is processed with homomorphism addition and multiplying.
6. a kind of interactive intimacy protection system towards high in the clouds, it is characterised in that the system includes data owner, agency's clothes
Business device, client and cloud server, data owner's connection proxy server and cloud server, described proxy server
Connection cloud server, and do not exist and to collude with behavior with cloud server;
Described data owner is the side for possessing mass data, for generating homomorphism key pair, and data is encrypted;
Encryption data table and copy, the anonymization hierarchy structure file of each attribute, public key and coding rule are sent to into cloud service
Device;Private key is sent to into proxy server.
Described proxy server is the service end trusted by data owner, for determining that privacy parameters are required;From data
Private key is obtained at owner, and generates interim homomorphism key pair, private key is encrypted;Realize the letter with cloud server
Breath interaction;Distribute temporary key for client.
Described cloud server, for the safety storage of encryption data table, the anonymization of ciphertext data is processed;At anonymization
Information exchange is carried out with proxy server during reason, the comparison between ciphertext is realized.
Described client is to send a side of data sharing request, obtains re-encryption tables of data, coding rule and temporary private
Afterwards, realize that data deciphering is shared.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611027772.XA CN106533650B (en) | 2016-11-17 | 2016-11-17 | Interactive method for secret protection and system towards cloud |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611027772.XA CN106533650B (en) | 2016-11-17 | 2016-11-17 | Interactive method for secret protection and system towards cloud |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106533650A true CN106533650A (en) | 2017-03-22 |
CN106533650B CN106533650B (en) | 2019-04-02 |
Family
ID=58352785
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611027772.XA Active CN106533650B (en) | 2016-11-17 | 2016-11-17 | Interactive method for secret protection and system towards cloud |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106533650B (en) |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107404538A (en) * | 2017-08-18 | 2017-11-28 | 金蝶软件(中国)有限公司 | A kind of cloud data transmission method and its server |
CN108011714A (en) * | 2017-11-30 | 2018-05-08 | 公安部第三研究所 | Guard method and the system of data object main body mark are realized based on cryptography arithmetic |
CN109800595A (en) * | 2018-12-26 | 2019-05-24 | 全球能源互联网研究院有限公司 | A kind of electric power data sharing method and system |
CN110099043A (en) * | 2019-03-24 | 2019-08-06 | 西安电子科技大学 | The hiding more authorization center access control methods of support policy, cloud storage system |
CN110176983A (en) * | 2019-05-22 | 2019-08-27 | 西安电子科技大学 | Privacy protection association rule mining based on full homomorphic cryptography |
CN110190945A (en) * | 2019-05-28 | 2019-08-30 | 暨南大学 | Based on adding close linear regression method for secret protection and system |
CN110365679A (en) * | 2019-07-15 | 2019-10-22 | 华瑞新智科技(北京)有限公司 | Context aware cloud data-privacy guard method based on crowdsourcing assessment |
CN110636070A (en) * | 2019-09-26 | 2019-12-31 | 支付宝(杭州)信息技术有限公司 | Data sending method, data query method, device, electronic equipment and system |
CN111125734A (en) * | 2019-12-20 | 2020-05-08 | 深圳前海微众银行股份有限公司 | Data processing method and system |
CN111143880A (en) * | 2019-12-27 | 2020-05-12 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
CN111159761A (en) * | 2019-12-20 | 2020-05-15 | 深圳前海微众银行股份有限公司 | Model training method and device |
CN111460475A (en) * | 2020-03-27 | 2020-07-28 | 公安部第三研究所 | Method for realizing data object subject de-identification processing based on cloud service |
WO2020242509A1 (en) | 2019-05-31 | 2020-12-03 | Intuit Inc. | Privacy preserving server |
CN112231736A (en) * | 2020-11-04 | 2021-01-15 | 广东辰宜信息科技有限公司 | Fully homomorphic encryption microsystem, computing method, encryption method, processing end and medium |
CN112788001A (en) * | 2020-12-28 | 2021-05-11 | 建信金融科技有限责任公司 | Data encryption-based data processing service processing method, device and equipment |
CN112818362A (en) * | 2021-01-29 | 2021-05-18 | 江苏理工学院 | Public key encryption method based on R-LWE |
WO2021109756A1 (en) * | 2019-12-03 | 2021-06-10 | 重庆交通大学 | Proxy anonymous communication method based on homomorphic encryption scheme |
CN113127536A (en) * | 2021-04-14 | 2021-07-16 | 上海同态信息科技有限责任公司 | Offline fuzzy matching framework based on homomorphic configuration encryption |
TWI734368B (en) * | 2019-06-18 | 2021-07-21 | 開曼群島商創新先進技術有限公司 | Data homomorphic encryption and decryption method and device for realizing privacy protection |
CN113157778A (en) * | 2021-06-09 | 2021-07-23 | 富算科技(上海)有限公司 | Proxiable query method, system, device and medium for distributed data warehouse |
US11159305B2 (en) | 2019-06-18 | 2021-10-26 | Advanced New Technologies Co., Ltd. | Homomorphic data decryption method and apparatus for implementing privacy protection |
CN114386072A (en) * | 2022-01-13 | 2022-04-22 | 中国科学技术大学 | Data sharing method, device and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103903325A (en) * | 2013-07-08 | 2014-07-02 | 苏州大学 | Safe electronic voting system based on identity signature |
US20150058629A1 (en) * | 2013-08-21 | 2015-02-26 | Mark D. Yarvis | Processing Data Privately in the Cloud |
CN105072157A (en) * | 2015-07-15 | 2015-11-18 | 柳州首光科技有限公司 | Network-based data storage system having privacy protection function |
-
2016
- 2016-11-17 CN CN201611027772.XA patent/CN106533650B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103903325A (en) * | 2013-07-08 | 2014-07-02 | 苏州大学 | Safe electronic voting system based on identity signature |
US20150058629A1 (en) * | 2013-08-21 | 2015-02-26 | Mark D. Yarvis | Processing Data Privately in the Cloud |
CN105072157A (en) * | 2015-07-15 | 2015-11-18 | 柳州首光科技有限公司 | Network-based data storage system having privacy protection function |
Cited By (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107404538A (en) * | 2017-08-18 | 2017-11-28 | 金蝶软件(中国)有限公司 | A kind of cloud data transmission method and its server |
CN107404538B (en) * | 2017-08-18 | 2021-01-22 | 金蝶软件(中国)有限公司 | Cloud data transmission method and server thereof |
CN108011714A (en) * | 2017-11-30 | 2018-05-08 | 公安部第三研究所 | Guard method and the system of data object main body mark are realized based on cryptography arithmetic |
CN108011714B (en) * | 2017-11-30 | 2020-10-02 | 公安部第三研究所 | Method and system for protecting data object body identification based on cryptology operation |
CN109800595A (en) * | 2018-12-26 | 2019-05-24 | 全球能源互联网研究院有限公司 | A kind of electric power data sharing method and system |
CN110099043A (en) * | 2019-03-24 | 2019-08-06 | 西安电子科技大学 | The hiding more authorization center access control methods of support policy, cloud storage system |
CN110176983A (en) * | 2019-05-22 | 2019-08-27 | 西安电子科技大学 | Privacy protection association rule mining based on full homomorphic cryptography |
CN110176983B (en) * | 2019-05-22 | 2021-09-03 | 西安电子科技大学 | Privacy protection association rule mining method based on fully homomorphic encryption |
CN110190945A (en) * | 2019-05-28 | 2019-08-30 | 暨南大学 | Based on adding close linear regression method for secret protection and system |
CN110190945B (en) * | 2019-05-28 | 2022-07-19 | 暨南大学 | Linear regression privacy protection method and system based on multiple encryptions |
WO2020242509A1 (en) | 2019-05-31 | 2020-12-03 | Intuit Inc. | Privacy preserving server |
EP3871127A4 (en) * | 2019-05-31 | 2022-07-27 | Intuit Inc. | Privacy preserving server |
TWI734368B (en) * | 2019-06-18 | 2021-07-21 | 開曼群島商創新先進技術有限公司 | Data homomorphic encryption and decryption method and device for realizing privacy protection |
US11159305B2 (en) | 2019-06-18 | 2021-10-26 | Advanced New Technologies Co., Ltd. | Homomorphic data decryption method and apparatus for implementing privacy protection |
CN110365679B (en) * | 2019-07-15 | 2021-10-19 | 华瑞新智科技(北京)有限公司 | Context-aware cloud data privacy protection method based on crowdsourcing evaluation |
CN110365679A (en) * | 2019-07-15 | 2019-10-22 | 华瑞新智科技(北京)有限公司 | Context aware cloud data-privacy guard method based on crowdsourcing assessment |
CN110636070A (en) * | 2019-09-26 | 2019-12-31 | 支付宝(杭州)信息技术有限公司 | Data sending method, data query method, device, electronic equipment and system |
WO2021109756A1 (en) * | 2019-12-03 | 2021-06-10 | 重庆交通大学 | Proxy anonymous communication method based on homomorphic encryption scheme |
CN111159761B (en) * | 2019-12-20 | 2022-06-24 | 深圳前海微众银行股份有限公司 | Model training method and device |
CN111125734A (en) * | 2019-12-20 | 2020-05-08 | 深圳前海微众银行股份有限公司 | Data processing method and system |
CN111125734B (en) * | 2019-12-20 | 2023-03-31 | 深圳前海微众银行股份有限公司 | Data processing method and system |
CN111159761A (en) * | 2019-12-20 | 2020-05-15 | 深圳前海微众银行股份有限公司 | Model training method and device |
CN111143880A (en) * | 2019-12-27 | 2020-05-12 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
CN111143880B (en) * | 2019-12-27 | 2022-06-07 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
CN111460475B (en) * | 2020-03-27 | 2023-04-25 | 公安部第三研究所 | Method for implementing de-identification processing of data object main body based on cloud service |
CN111460475A (en) * | 2020-03-27 | 2020-07-28 | 公安部第三研究所 | Method for realizing data object subject de-identification processing based on cloud service |
CN112231736A (en) * | 2020-11-04 | 2021-01-15 | 广东辰宜信息科技有限公司 | Fully homomorphic encryption microsystem, computing method, encryption method, processing end and medium |
CN112788001B (en) * | 2020-12-28 | 2023-04-07 | 建信金融科技有限责任公司 | Data encryption-based data processing service processing method, device and equipment |
CN112788001A (en) * | 2020-12-28 | 2021-05-11 | 建信金融科技有限责任公司 | Data encryption-based data processing service processing method, device and equipment |
CN112818362A (en) * | 2021-01-29 | 2021-05-18 | 江苏理工学院 | Public key encryption method based on R-LWE |
CN112818362B (en) * | 2021-01-29 | 2023-09-22 | 江苏理工学院 | Public key encryption method based on R-LWE |
CN113127536A (en) * | 2021-04-14 | 2021-07-16 | 上海同态信息科技有限责任公司 | Offline fuzzy matching framework based on homomorphic configuration encryption |
CN113127536B (en) * | 2021-04-14 | 2023-07-28 | 上海同态信息科技有限责任公司 | Offline fuzzy matching system based on homomorphic encryption |
CN113157778B (en) * | 2021-06-09 | 2021-09-24 | 富算科技(上海)有限公司 | Proxiable query method, system, device and medium for distributed data warehouse |
CN113157778A (en) * | 2021-06-09 | 2021-07-23 | 富算科技(上海)有限公司 | Proxiable query method, system, device and medium for distributed data warehouse |
CN114386072A (en) * | 2022-01-13 | 2022-04-22 | 中国科学技术大学 | Data sharing method, device and system |
CN114386072B (en) * | 2022-01-13 | 2024-04-02 | 中国科学技术大学 | Data sharing method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN106533650B (en) | 2019-04-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106533650B (en) | Interactive method for secret protection and system towards cloud | |
Liang et al. | Searchable attribute-based mechanism with efficient data sharing for secure cloud storage | |
Dong et al. | Achieving an effective, scalable and privacy-preserving data sharing service in cloud computing | |
Cui et al. | Efficient and expressive keyword search over encrypted data in cloud | |
EP2658165B1 (en) | Cryptographic system, cryptographic communication method, encryption apparatus, key generation apparatus, decryption apparatus, content server, program, and storage medium | |
JP5422053B2 (en) | Encryption system, encryption communication method, encryption device, key generation device, decryption device, content server device, program, storage medium | |
Han et al. | A data sharing protocol to minimize security and privacy risks of cloud storage in big data era | |
CN106534313A (en) | Frequentness measuring method and system for security and privacy protection facing cloud data issuing | |
Liu et al. | Ciphertext‐policy attribute‐based encryption with partially hidden access structure and its application to privacy‐preserving electronic medical record system in cloud environment | |
Li et al. | Traceable Ciphertext‐Policy Attribute‐Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud | |
Zhou et al. | Privacy preservation for outsourced medical data with flexible access control | |
Hao et al. | Efficient attribute-based access control with authorized search in cloud storage | |
Aslan et al. | Algebraic construction of cryptographically good binary linear transformations | |
Smithamol et al. | Hybrid solution for privacy-preserving access control for healthcare data | |
CN105656881B (en) | A kind of electronic health record can verify that outsourcing storage and retrieval system and method | |
Yang et al. | A privacy‐preserving data transmission scheme based on oblivious transfer and blockchain technology in the smart healthcare | |
Khuntia et al. | New hidden policy CP-ABE for big data access control with privacy-preserving policy in cloud computing | |
Zhou et al. | Secure outsourced medical data against unexpected leakage with flexible access control in a cloud storage system | |
Suma et al. | Brakerski‐Gentry‐Vaikuntanathan fully homomorphic encryption cryptography for privacy preserved data access in cloud assisted Internet of Things services using glow‐worm swarm optimization | |
Liu et al. | Sharing and privacy in PHRs: Efficient policy hiding and update attribute-based encryption | |
Minh et al. | Post-quantum commutative deniable encryption algorithm | |
JP2016115997A (en) | Storage information access control method and program therefor | |
Sharma et al. | Making data in cloud secure and usable: fully homomorphic encryption with symmetric keys | |
JP6885325B2 (en) | Cryptographic device, decryption device, encryption method, decryption method, program | |
Worapaluk et al. | A secure, traceable, and efficiently revocable cloud-based access control scheme using ciphertext policy attribute-based encryption and blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |